<?php   
class ControllerUDEMCommonFilter extends Controller { 
	
	public function login() {
		$route = '';
		
		if (isset($this->request->get['route'])) {
			$part = explode('/', $this->request->get['route']);
			
            for($i = 0; $i < count($part); $i ++){
                if($i == 0){
                    $route .= $part[$i];
                } else if(isset($part[$i])){
                    $route .= '/' . $part[$i];
                }
            }
            
			//if (isset($part[0])) {
//				$route .= $part[0];
//			}
//			
//			if (isset($part[1])) {
//				$route .= '/' . $part[1];
//			}
//			
//			if(isset($part[2])) {
//				$route .= '/' . $part[2];
//			}
		}
		
		$ignore = array(
			UDE_M_PREFIX . 'common/login',
			UDE_M_PREFIX . 'error/token_invalid'
		);	
		
		//The user has not logged in and the route is not in the ignore list.			
		if (!$this->user->isLogged() && !in_array($route, $ignore)) {
			return $this->forward(UDE_M_PREFIX . 'error/token_invalid');
		}
		
		//Token invalid
		if (!in_array($route, $ignore) && (isset($this->session->data['token']) && !isset($this->request->get['token'])) || ((isset($this->request->get['token']) && (isset($this->session->data['token']) && ($this->request->get['token'] != $this->session->data['token']))))) {
			return $this->forward(UDE_M_PREFIX . 'error/token_invalid');
		}
		
		if (isset($this->request->get['route'])) {
			$ignore = array(
				UDE_M_PREFIX . 'common/logout',
				UDE_M_PREFIX . 'common/forgotten',
				UDE_M_PREFIX . 'common/reset',
				UDE_M_PREFIX . 'error/not_found',
				UDE_M_PREFIX . 'error/permission',
				UDE_M_PREFIX . 'error/token_invalid',
				UDE_M_PREFIX . 'common/login'
			);
						
			$config_ignore = array();
			
			if ($this->config->get('config_token_ignore')) {
				$config_ignore = unserialize($this->config->get('config_token_ignore'));
			}
				
			$ignore = array_merge($ignore, $config_ignore);
					
			if (!in_array($route, $ignore) && (!isset($this->request->get['token']) || !isset($this->session->data['token']) || ($this->request->get['token'] != $this->session->data['token']))) {
				return $this->forward(UDE_M_PREFIX . 'error/token_invalid');
				
			}
		} else {
			
			if (!isset($this->request->get['token']) || !isset($this->session->data['token']) || ($this->request->get['token'] != $this->session->data['token'])) {
				return $this->forward(UDE_M_PREFIX . 'error/token_invalid');
				
			}
		}
	}	
	
	public function permission() {
		if (isset($this->request->get['route'])) {
			$route_possible = $this->request->get['route'];
		
			$route = '';
			
			$parts = explode('/', $route_possible);
			
			array_pop($parts);
			
			foreach($parts as $part){
				if(empty($route)){
					if($part)
						$route .= $part;
				} else {
					if($part)
						$route .= '/' . $part;
				}
			}
   
            $access = strpos($route, UDE_M_PREFIX);
            if($access === false || $access != 0){
                return $this->forward(UDE_M_PREFIX . 'error/permission/notAccess');
            }
            
			$ignore = array(
				'common/home',
				UDE_M_PREFIX . 'common/filter',
				UDE_M_PREFIX . 'common/login',
				UDE_M_PREFIX . 'common/logout',
				UDE_M_PREFIX . 'error/not_found',
				UDE_M_PREFIX . 'error/permission',	
				UDE_M_PREFIX . 'error/token',
				UDE_M_PREFIX . 'error/token_invalid',
				UDE_M_PREFIX . 'common/login'	
					
			);			
			
			if (!in_array($route, $ignore) && !in_array($route_possible, $ignore)) {
				if (!$this->user->hasPermission('access', $route) && !$this->user->hasPermission('access',$route_possible)) {
					return $this->forward(UDE_M_PREFIX . 'error/permission');
				}
			}
		}
	}
    
}
?>